Details of VAR-202301-0558

ID

VAR-202301-0558

CVE

CVE-2022-47974

TITLE

EMUI and HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-001768

DESCRIPTION

The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart. EMUI and HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-47974 // JVNDB: JVNDB-2023-001768 // VULHUB: VHN-449902 // VULMON: CVE-2022-47974

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	12.0.1	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-001768 // NVD: CVE-2022-47974

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-47974
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-47974
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-435
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-47974
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-47974
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-001768 // CNNVD: CNNVD-202301-435 // NVD: CVE-2022-47974

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-001768 // NVD: CVE-2022-47974

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202301-435

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-435

PATCH

title:	security-bulletins-202301-0000001435541166 Huawei Support Bulletin	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166	Trust: 0.8
title:	HUAWEI EMUI/Magic UI Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=221312	Trust: 0.6

sources: JVNDB: JVNDB-2023-001768 // CNNVD: CNNVD-202301-435

EXTERNAL IDS

db:	NVD	id:	CVE-2022-47974	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-001768	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-435	Trust: 0.6
db:	VULHUB	id:	VHN-449902	Trust: 0.1
db:	VULMON	id:	CVE-2022-47974	Trust: 0.1

sources: VULHUB: VHN-449902 // VULMON: CVE-2022-47974 // JVNDB: JVNDB-2023-001768 // CNNVD: CNNVD-202301-435 // NVD: CVE-2022-47974

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2023/1/	Trust: 1.8
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202301-0000001435541166	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-47974	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-47974/	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202301-0000001435541166	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-449902 // VULMON: CVE-2022-47974 // JVNDB: JVNDB-2023-001768 // CNNVD: CNNVD-202301-435 // NVD: CVE-2022-47974

SOURCES

db:	VULHUB	id:	VHN-449902
db:	VULMON	id:	CVE-2022-47974
db:	JVNDB	id:	JVNDB-2023-001768
db:	CNNVD	id:	CNNVD-202301-435
db:	NVD	id:	CVE-2022-47974

LAST UPDATE DATE

2024-08-14T15:26:55.219000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-449902	date:	2023-01-12T00:00:00
db:	VULMON	id:	CVE-2022-47974	date:	2023-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2023-001768	date:	2023-05-09T01:38:00
db:	CNNVD	id:	CNNVD-202301-435	date:	2023-01-13T00:00:00
db:	NVD	id:	CVE-2022-47974	date:	2023-01-12T16:17:06.877

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-449902	date:	2023-01-06T00:00:00
db:	VULMON	id:	CVE-2022-47974	date:	2023-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2023-001768	date:	2023-05-09T00:00:00
db:	CNNVD	id:	CNNVD-202301-435	date:	2023-01-05T00:00:00
db:	NVD	id:	CVE-2022-47974	date:	2023-01-06T20:15:09.830